Only one in ten UK firms say they are ready for the European Commission's proposed data protection directive, according to a OnePoll survey of 200 firms employing more than 1,000 staff.
The survey found that 87 percent admitted they would not be able to identify individuals affected by a data breach within the EC’s proposed 24-hour time frame.
In addition, 13 percent said it would take them between a week and one month to pinpoint which customer data was affected, while six percent did not believe they would ever be able to accurately obtain this information.
The LogRhythm research found that 72 percent believed the new EC breach disclosure rules would put them at risk of "over-disclosure". This is when organisations are forced to reveal more information than is strictly necessary, for example notifying every individual who might have been affected by a breach, rather than just those who definitely were.

"'Over-disclosure' is an issue that has been causing concern in locations like the US, which already has breach notification laws in place," said Ross Brewer, vice president and managing director for international markets at security log management software firm LogRhythm, which sponsored the research.
Brewer said the issuing of blanket breach notifications has negative repercussions for the affected organisation as, for instance, the severity of an incident may be overstated, leading to a loss of confidence amongst potential and existing customers.
In addition, the cost of informing an individual their data may have been stolen is just as high as telling them it definitely has, said Ross.
Supporters of the directive will say in response that firms should be more careful about customers' data in the first place, and therefore avoid the bad publicity and expense resulting from breaches.
The survey showed that 77 percent of respondents believed the implementation of data breach penalties, such as the EC’s proposed two percent of an organisation’s global turnover, would motivate them to increase spending on IT security.
Brewer said: "It is worrying that so many organisations’ IT security decisions seem to be motivated by non-compliance and the threat of financial penalties, rather than a desire to employ a best practice approach."
He said it appears that these attitudes stem from the top, as 50 percent of respondents stated that new regulations are one of the main ways of engaging senior level staff with the IT security decision-making process.


Comments received
Macdemon said on Wed, 18 Apr 2012
Why doesn't the EU just mind its own bl**dy business?
Their incompetence is ruining the entire fabric of our society.
We have our own rules and regulations and will not be enforcing yours!!!!